TECHspot

Internet Information Services 6 (IIS 6) is a powerful platform for hosting web sites on both the public Internet and on private intranets. Creating and configuring web sites and virtual directories are bread-and-butter tasks for IIS Administrators, and in this article we'll walk through the process of doing this using both the GUI (IIS Manager) and using various scripts included with Windows Server 2003. The seven specific tasks we'll walk through will include:

• Creating a Web Site
• Creating a Local Virtual Directory
• Creating a Remote Virtual Directory
• Controlling Access to a Web Site
• Configuring Web Site Logging
• Configuring Web Site Redirection
• Stopping and Starting Web Sites

For sake of interest, we'll explain these tasks in the context of a fictitious company called TestCorp as it deploys IIS for its corporate intranet.

Preliminary Steps

Unlike earlier versions of Microsoft Windows, IIS is not installed by default on Windows Server 2003. To install IIS, open Manage Your Server from the Start menu and add the Application Server role:

Note that for simple security reasons IIS should only be installed on member servers, not domain controllers. The reason is that if you install IIS on a domain controller and your web server becomes compromised, the attacker could gain access to your accounts database and wreak havoc with your network.

Creating a Web Site

The simplest approach is to use a separate IP address to identify each web site on your machine. Let's say our server has five IP addresses assigned to it from the range 172.16.11.220 through 172.16.11.224. Before we create a new Human Resources web site, let's first examine the identify of the Default Web Site. Open IIS Manager in Administrative Tools, select Web Sites in the console tree, and right-click on Default Web Site and open it's properties:

The IP address for the Default Web Site is All Unassigned. This means any IP address not specifically assigned to another web site on the machine opens the Default Web Site instead. A typical use for the Default Web Site is to edit it's default document to display general information like a company logo and how to contact the Support Desk.

Let's use IP address 172.16.11.221 for the Human Resources site and make D:\HR the folder where the home page for this site is stored. To create the HR site, right-click on the Web Sites node and select New --> Web Site. This starts the Web Site Creation Wizard. Click Next and type a description for the site:

Click Next again and specify 172.16.11.221 as the IP address for the site:

Click Next and specify D:\HR as the home folder for the site. We've cleared the checkbox to deny anonymous access to the site because this is an internal intranet so only authenticated users should be able to access it (public web sites generally allow anonymous access):

Click Next and leave only Read access enabled since the Human Resources site will initially only be used to inform employees of company policies:

Click Next and then Finish to create the new web site:

Now let's create another intranet site, this time for Help Desk, which will use IP address 172.16.11.222 and home folder D:\Help. We'll create this one using a script instead of the GUI:

And here's the result:

The script we used here is Iisweb.vbs, one of several IIS administration scripts available when you install IIS on Windows Server 2003. The basic syntax of this script is easy to figure out from the previous screenshot, and a full syntax can be found here. Note that unlike the Web Site Creation Wizard used previously. you can't use this script create a web site with anonymous access disabled. So if you want to disable anonymous access you should do it by opening the properties sheet for the Help Desk site, selecting the Directory Security tab, and clicking the Edit button under Authentication and Access Control. This opens the Authentication Methods box where you can clear the checkbox to disable Anonymous Access and leave Windows Integrated Authentication as the only authentication method available for clients on your network:

Creating a Local Virtual Directory

Let's say Human Resources keeps their policies in a folder called D:\HR Policies on your web server and you would like users to be able to use the URL http://172.16.11.221/policies when they need to access these policies. To do this we need to create a virtual directory that associates the /policies portion of the URL, called the alias for the virtual directory, with the physical directory D:\HR Policies where these documents are actually located.

Let's do this now. Right-click on the Human Resources site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard. Click Next and type the alias for the virtual directory:

Click Next and specify the physical folder on the local server to map to this alias:

Click Next and specify permissions (again we'll just leave Read enabled) and finish the wizard. Here's the result:

Let's do something similar using another IIS script named Iisvdir.vbs, only we'll create a /procedures virtual directory instead:

Open IIS Manager to display the new virtual directory:

Note the difference in the icons for the two virtual directories. That's because when the script creates a virtual directory it also creates an application starting point for that directory, while the wizard does not. This doesn't matter though, since for now we're only hosting static content in these directories. For the full syntax of Iisvdir.vbs see here.

Creating a Remote Virtual Directory

Help Desk likes to do things differently than Human Resources does, and their user manual is stored in HTML form in the share \\srv230\helpdesk on a network file server. Let's create a remote virtual directory within the Help Desk site that associates the alias /usermanual with this share. Right-click on the Help Desk site and select New --> Virtual Directory to start the Virtual Directory Creation Wizard again, specify usermanual as the alias for the directory, and type \\srv230\helpdesk as the UNC path to the share:

Click Next and a new screen appears prompting you to either specify credentials for accessing the share or use the authenticated user's credentials for this purpose (we'll use the latter):

Click Next and finish the wizard. Let's look at the result:

The Iisvdir.vbs script can similarly be used for creating remote virtual directories.

Controlling Access to a Web Site

Now that we have a couple of web sites and virtual directories created, let's look at a few administration tasks. This will be only a brief overview--you can find a much more detailed treatment of the subject in my book IIS 6 Administration (Osborne/McGraw-Hill).

First let's look at how we can control access to our web sites. There are basically four ways you can do this: NTFS Permissions, web permissions, IP address restrictions, and authentication method. NTFS permissions is your front line of defense but it's a general subject that we can't cover in detail here. Web permissions are specified on the Home Directory tab of your web site's properties:

By default only Read permission is enabled, but you can also allow Write access so users can upload or modify files on your site.

Script source access so users can view the code in your scripts (generally not a good idea), or Directory browsing so users can view a list of files in your site (also not a good idea). Web permissions apply equally to all users trying to access your site, and they are applied before NTFS permissions are applied. So if Read web permission is denied but NTFS Read permission is allowed, users are denied access to the site.

IP address restrictions can be used to allow or deny access to your site by clients that have a specific IP address, have an IP address within a range of addresses, or have a specific DNS domain name. To configure this, select the Directory Security tab and click the Edit button under IP Address and Domain Name Restrictions. This opens the following dialog, which by default does not restrict access to your site:

The main thing to watch for here is that denying access based on domain name involves reverse DNS lookups each time clients try to connect to your web site, and this can significantly impact the performance of your site.

The final way of controlling access to your sites is to use the Authentication Methods dialog box we looked at previously:

In summary, the five authentication options displayed here are:

• Anonymous access. Used mainly for web sites on public (Internet) web servers.
• Integrated Windows authentication. Used mainly for web sites on a private intranet.
• Digest authentication. Challenge/response authentication scheme that only works with clients running Internet Explorer 5.0 or later.
• Basic authentication. Older authentication scheme that transmits passwords over the network in clear text, so use this only in conjunction with SSL.
• .NET Passport authentication. Allows users to use their .NET Passport for authentication.

Configuring Web Site Logging

Since web sites are prime targets for attackers, you probably want to log hits to your site to see who's visiting it. By default IIS 6 logs traffic to all content as can be seen on the bottom of the General tab of the properties for a web site or virtual directory:

The default logging format is the W3C Extended Log File Format, and clicking Properties indicates new log files are created daily in the indicated directory. It's a good idea to specify that local time be used for logging traffic as this makes it easier to interpret the logs:

The key of course is to review log files regularly to look for suspicious activity. IIS doesn't include anything for this purpose, but the IIS 6.0 Resource Kit Tools does include version 2.1 of Microsoft Log Parser, which can be used for analyzing IIS logs. You can download these tools here.

Configuring Web Site Redirection

Sometimes you need to take your web site down for maintenance, and in such cases it's a good idea to redirect all client traffic directed to your site to an alternate site or page informing users what's going on. IIS lets you redirect a web site to a different file or folder on the same or another web site or even to an URL on the Internet. To configure redirection you use the Home Directory tab and choose the redirection option you want to use:

Stopping and Starting Web Sites

Finally, if sites become available you may need to restart IIS to get them working again. Restarting IIS is a last resort as any users currently connected will be disconnected and any data stored in memory by IIS applications will be lost. You can restart IIS using IIS Manager by right-clicking on the server node:

You can also do the same from the command-line using the Iisreset command:

Type iisreset /? for the full syntax of this command. You can also start and stop individual web sites using IIS Manager or the Iisweb.vbs script. And you can stop or start individual IIS services using the net commands, for example net stop w3svc will stop the WWW services only.

VPN Overview

A VPN is a private network created over a public one. It’s done with encryption, this way, your data is encapsulated and secure in transit – this creates the ‘virtual’ tunnel. A VPN is a method of connecting to a private network by a public network like the Internet. An internet connection in a company is common. An Internet connection in a Home is common too. With both of these, you could create an encrypted tunnel between them and pass traffic, safely - securely.

If you want to create a VPN connection you will have to use encryption to make sure that others cannot intercept the data in transit while traversing the Internet. Windows XP provides a certain level of security by using Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP). They are both considered tunneling protocols – simply because they create that virtual tunnel just discussed, by applying encryption.

Configure a VPN with XP

If you want to configure a VPN connection from a Windows XP client computer you only need what comes with the Operating System itself, it's all built right in. To set up a connection to a VPN, do the following:

1. On the computer that is running Windows XP, confirm that the connection to the Internet is correctly configured.

• You can try to browse the internet
• Ping a known host on the Internet, like yahoo.com, something that isn’t blocking ICMP

2. Click Start, and then click Control Panel.

3. In Control Panel, double click Network Connections

4. Click Create a new connection in the Network Tasks task pad

5. In the Network Connection Wizard, click Next.

6. Click Connect to the network at my workplace, and then click Next.

7. Click Virtual Private Network connection, and then click Next.
8. If you are prompted, you need to select whether you will use a dialup connection or if you have a dedicated connection to the Internet either via Cable, DSL, T1, Satellite, etc. Click Next.

9. Type a host name, IP or any other description you would like to appear in the Network Connections area. You can change this later if you want. Click Next.

10. Type the host name or the Internet Protocol (IP) address of the computer that you want to connect to, and then click Next.
11. You may be asked if you want to use a Smart Card or not.

12. You are just about done, the rest of the screens just verify your connection, click Next.

13. Click to select the Add a shortcut to this connection to my desktop check box if you want one, if not, then leave it unchecked and click finish.
14. You are now done making your connection, but by default, it may try to connect. You can either try the connection now if you know its valid, if not, then just close it down for now.

15. In the Network Connections window, right-click the new connection and select properties. Let’s take a look at how you can customize this connection before it’s used.
16. The first tab you will see if the General Tab. This only covers the name of the connection, which you can also rename from the Network Connection dialog box by right clicking the connection and selecting to rename it. You can also configure a First connect, which means that Windows can connect the public network (like the Internet) before starting to attempt the ‘VPN’ connection. This is a perfect example as to when you would have configured the dialup connection; this would have been the first thing that you would have to do. It's simple, you have to be connected to the Internet first before you can encrypt and send data over it. This setting makes sure that this is a reality for you.

17. The next tab is the Options Tab. It is The Options tab has a lot you can configure in it. For one, you have the option to connect to a Windows Domain, if you select this check box (unchecked by default), then your VPN client will request Windows logon domain information while starting to work up the VPN connection. Also, you have options here for redialing. Redial attempts are configured here if you are using a dial up connection to get to the Internet. It is very handy to redial if the line is dropped as dropped lines are very common.

18. The next tab is the Security Tab. This is where you would configure basic security for the VPN client. This is where you would set any advanced IPSec configurations other security protocols as well as requiring encryption and credentials.

19. The next tab is the Networking Tab. This is where you can select what networking items are used by this VPN connection.

20. The Last tab is the Advanced Tab. This is where you can configure options for configuring a firewall, and/or sharing.

Connecting to Corporate

Now that you have your XP VPN client all set up and ready, the next step is to attempt a connection to the Remote Access or VPN server set up at the corporate office. To use the connection follow these simple steps. To open the client again, go back to the Network Connections dialog box.

1. One you are in the Network Connection dialog box, double-click, or right click and select ‘Connect’ from the menu – this will initiate the connection to the corporate office.

2. Type your user name and password, and then click Connect. Properties bring you back to what we just discussed in this article, all the global settings for the VPN client you are using.

3. To disconnect from a VPN connection, right-click the icon for the connection, and then click “Disconnect”

A lot of methods are available to recover or reset the Windows password. The famous Ophcrack is used for recovering the password. Even i have posted about using Ophcrack. But the problem is that its bulky in size. We need to download a file of size 500MB to recover the password. So I thought why to recover a lost password, instead why cant we simply reset or delete the password using a 3 MB file open source program. That is what this post is about. I have not found any other method simpler than this one, it resets your password in the blink of an eye.

The method uses an open source program called Offline NT Password & Registry Editor. We can use a USB Disk Drive (Pen Drive) or burn a bootable CD for this method.

Follow the Steps below:

Step 1: Download the cd080802.zip file from the link below and extract it. It contains an ISO file.

Size: 3.15 MB

http://pogostick.net/~pnh/ntpasswd/cd080802.zip (Updated Working Link 13-01-10)

Step 2: Burn the ISO file to a CD. If you are using a USB drive, then mount the cd080802.iso file to a virtual drive. Open the Virtual Drive and Copy all the contents to your USB disk. If any error comes while copying just skip the file. Now to make theUSB Drive Bootable open a Command Prompt(Press Start + R, Type cmd and enter) and type the following commands:

Here j is my drive letter, you should enter your own drive letter.

Step 3: Now start the System which you want to reset the password by putting the CD or the USB in the Computer. While start up you have to make sure that it boots up from the correct device i.e. from the CD or the USB. In order to do this go to your BIOS settings and change the boot order as CD or theUSB drive as the first option. Or if you know the Boot menu key then press it and Boot from the correct device.

Note: Step 4 to Step 8 takes a very less amount of time. No need to worry!

Step 4: After booting from the CD or the USB, press enter to continue the boot process. In the first step it will automatically select the disk where your windows is installed. Simply press enter to continue. In the Second Step it Will select the path and registry files. Select 1 for password reset (It will select 1 by default, just enter).

Step 5: Now after selecting the paths, It will ask “What to do?” Simply press enter as it will automatically select 1 for Edit User Password.

Step 6: It will show a list your system usernames and their password status. Now enter the username whose password you want to reset. It is case sensitive so, be careful and type what you see in the users list. (If the user is Administrator just press enter as it has already selected Administrator by default otherwise enter the correct username)

Step 7: It will show you User Edit Menu. Select 1 to clear the user password.

Step 8: It will clear the password. Now Enter “!” to quit from the User select menu. It will again ask “What to do?”. enter “q” to quit. Now in step four it will ask you to write the files or not. Enter “y” to write the files. It will write the files back. Now Simply press enter when it asks for “New run?” as it has selected no by default. Thepassword reset has been successfully completed. Press the power button.

Now start the computer and you will find that it is not asking for password for the user you had selected. That’s it, you are done.

Important:

1. This method will remove your password not recover. If you do not want to reset the password, you can recover it. Visit: http://techrena.blogspot.com/2009/03/windows-password-recoverycrack-windows.html for password recovery.

2. The method has been tested for windows XP, Windows Vista and Windows 7 and all resulted in success.

3. This is for information purposes only. We are not responsible for any damages or illegal acts resulting from this information.

4. The information provided here should be used for legal purposes only.

5. USB Disk method will not work if your motherboard or BIOS does not support USB booting.

Ubuntu has a boot loader called grub. if we change any partition or reinstall any pre installed os, the grub will be overwrites. To restore that damaged ubuntu Grub, Insert any ubuntu cd to your cd drve and restart the system.


Boot frm ur Ubuntu CD. You will reach the Ubuntu desktop. Open terminal. Type in the commands following the ">"

> sudo -i
> grub
> find /boot/grub/stage1

now NOTE wats coming as output. THIS IS IMPORTANT.

for me, it came as (hd0,3). so i am continuing with tht output. replace (hd0,3) with the output u got in ur system.

> root (hd0,3)
> setup (hd0) <------- HERE GIVE (hd0) no matter wat u got as output. > quit

Restart... DONE !

Google introduced Buzz, a new feature just like twitter within the gmail. now users can buzz any messages to all user or follow anyone that you like.

Google says that Google Buzz offers significant improvements over existing social networks such as Facebook and Twitter, although at this early stage of its development it's hard to see how.

Google Buzz has been designed as a single dashboard to help users deal with the often massive amount of information they receive through existing social networking sites.

Unfortunately, at this point Google Buzz has no links into Facebook, which puts Google in direct competition with the world's biggest social-networking site: and will immediately make the 'simpler-is-better' proposition a fallacy for Facebook's 400 million users.

• Review
• Spec
• Verdict
• Related Products

Google says that Google Buzz offers significant improvements over existing social networks such as Facebook and Twitter, although at this early stage of its development it's hard to see how.

Google Buzz has been designed as a single dashboard to help users deal with the often massive amount of information they receive through existing social networking sites.

Unfortunately, at this point Google Buzz has no links into Facebook, which puts Google in direct competition with the world's biggest social-networking site: and will immediately make the 'simpler-is-better' proposition a fallacy for Facebook's 400 million users.

Google buys social search engine Aardvark

To use Google Buzz, you must first have a Gmail account. (For the uninitiated, Gmail is known as Googlemail in the UK.)

Go to Google.com/buzz, and follow the simple instructions. At this point, you should get a 'Buzz' icon and link beneath the inbox link in the lefthand navigation of your webmail browser window. Right now it seems that not all users immediately get this tab, and it doesn't yet appear in our webmail unless we go into it via the Google Buzz homepage.

Google Buzz: go mobile

Users can also access Google Buzz via Google Apps on mobile phones. Simply surf on over to buzz.google.com on you phone, sign in and accept the user agreement. The Google Buzz iPhone app is little more than a shortcut to a Gmail page optimised for mobile, with Buzz added.

You can also create your own desktop application as a Site-Specific Browser (SSB) app for Google Buzz.There’s a guide at mashable (using Prism) on how to do it.But actually it’ creates SSB web app for Gmail not Buzz alone.This tutorial isn’t just for Buzz alone, you can create SSB apps for any website that uses cookies for login info and you want to simultaneously use multiple accounts at the same time.